At First Hawaiian Bank (FHB), we care about the security of your confidential information. We utilize various fraud monitoring technologies and strategies to protect your information, and we encourage you to review your company’s internal fraud prevention procedures regularly.

The sophistication and frequency of computer attacks is growing each year. Your efforts to protect your confidential information by monitoring and securing your computer(s), network, and electronic communications systems is critically important to protecting your business.

So, the threat of fraud is real. What can you do to prevent it?

For your protection, we encourage you to review the following Best Practice Fraud Precautions:

1. Be aware of Business Email Compromise (BEC) scams and other scams.
   Awareness of fraud risk helps businesses detect the scam before sending payments to the fraudsters. On-going training and reminders of the evolving threats of cyber-crime are crucial in preventing these frauds. Educate your employees, customers, family and friends on the types of scams that exist and what they need to do to protect themselves and your business
2. Review your bank account transactions daily.
   Contact the bank or your banker immediately if you detect any unauthorized transactions. Immediately cease all activity on any computer that you suspect may have been compromised.
3. Review your account statements regularly.
   Contact the bank or your banker immediately if you detect any unusual activity.
4. Establish a segregation of duties (dual control)
   Segregate duties so that individuals who have the responsibility for initiating wire or ACH transfers cannot approve or release those transfers.
5. Question and verify/confirm any ACH and wire requests
   Question and verify ACH or other transaction requests received over email, even internally, since the sender may be a victim of BEC. FHB does NOT accept ACH, wire, or other types of transaction requests received by email until they are confirmed by you to avoid BEC issues.
6. Install security software suite (e.g., firewall, antivirus, etc.)
   For all computers (PCs and network servers) that access financial websites, such as FHB Commercial Online (FCO) and FHB Online Business, install a security software suite from a reputable vendor that includes detection for viruses, spyware, malware and adware, as well as firewall protection. Use the automatic software update feature and configure it to perform complete system scans on a routine basis. If possible, establish and use a designated computer for financial transactions.
7. Create Intrusion Detection System Rules
   Create intrusion detection system rules that flag e-mails with extensions that are similar to company email.For example:
   • Legitimate e-mail from abc_company.com
   • Would flag fraudulent email from abc-company.com
8. Update all Software and Hardware
   Ensure that your operating system and application software, such as Microsoft Office, Adobe Flash, Adobe Acrobat/Reader etc., are updated. Install any software and hardware updates immediately when made available.
9. Block Personal Email Accounts on Work Computers
   Computers used to access FCO or FHB Online Business should be blocked from personal email accounts (such as Yahoo, Google, and Hotmail) and social networking websites where documents infected with viruses can be easily downloaded.
10. Avoid using Public Wi-Fi for Financial Transactions
    Whenever possible, do not use a public wireless network for financial transactions. If a wireless network must be used, enforce the latest security measures, such as enabling encryption (e.g. WPA2 is preferable to WPA, do not use WEP) and MAC address filtering, changing the service set identifier (SSID), and turning off SSID broadcasting. Never use a public wireless network without any security measures.
11. Do your homework before clicking on links
    Make sure you know the source of an email and the links that it is providing. Do not click on a link to reach your financial institution when listed in emails that are not from the financial institution. Instead, type the financial institution’s website address into the internet browser’s address bar every time.
12. Do not open emails from an unknown person or organization
    Do not open emails sent from an unknown person or organization or click on links or open attachments unless you are familiar with the sender. For FCO users, input your FHB Commercial Online security token code only when prompted after selecting the “Release” button. If you are prompted to enter your security token code at any other time, immediately log out and contact the Cash Management Service Center at (808) 844-3303.
13. Use a different login and password for each website/system and change them frequently.
    Use a different login and password for each website/system and change them frequently. Choose a password that uses a combination of numbers and letters that cannot be easily guessed by anyone else. Keep login information confidential and do not write it down. Do not use the same or similar password for FHB Commercial Online or FHB Online Business that you use for your work PC or any other service such as a personal email. Do not allow your computer or web browser to “save” or “remember” your login names or passwords.
14. Setup and use a “non-privileged user” account on your computer
    Having a non-privileged user account will prevent unauthorized changes to the computer. Use this non-privileged account for web browsing whenever possible. Consult with your company’s technical staff or the company that services the network for assistance.
15. Be cautious when posting personal information on the internet.
    Even “common” information about yourself (e.g. your high school, maiden name, date of birth) can be used by computer hackers to answer security questions to your accounts.
16. Do not send personal or account information via email or cell phone text message – even if the request appears to be from your financial institution or a person you know.
    Hang up if you receive a phone call prompting you to enter any personal or financial information. These are common “phishing” scams to steal your information.

For additional information:

• FBI Public Service Announcement I-082715a-PSA: https://www.ic3.gov/media/2015/150827-1.aspx
• Visa’s New Year’s Resolution…Resolve to Fight Malware: https://usa.visa.com/dam/VCOM/download/merchants/risk-new-year-resolution-2016-01-15.pdf
• Hawaii’s Partnership Against Fraud page: https://www.bbb.org/local-bbb/bbb-great-west-pacific

Being vigilant and implementing some of the recommendations above in your business is your best defense against being a victim, so be sure to share this information with your employees.

If you suspect you’ve become a victim of fraud or identify theft, contact us right away by calling 844-4444 (toll-free at 1-888-844-444).